Pending items
Suraj Patil edited this page Aug 26, 2016 · 2 revisions
Folks on Reddit were very helpful to me; below is the advice I got from them. I have included part of what they told me in my book.
- handling errors rather than just printing them
- non-cookie based authentication schemes such as JWT
- When explaining how to make a form, you should explain CSRF and white-listing of parameters. (done)
- When explaining how to capture GET vs POST methods, be sure to explain the many security implications. (GET parameters are logged by reverse proxies and browser histories, web accelerators request GET w/o user clicking, GET is more likely to be cached, etc.)
- Even when explaining web server development, explain the security implications of binding to 127.0.0.1 vs 0.0.0.0. (I.e. when developing, do you trust everyone on the local network? What if you open your laptop in a cafe that happens to be across the street from Defcon?)
- Explain concepts like "never use a client filename without security scrubbing" and "security problems when using UTF-8"
- Have a chapter on middleware and using the now-standard context package. Touch on templates and strategies with templates (unless you want to limit the book to RESTful services). Mention advanced topics (do not necessarily expand on them, but keep readers apprised of the possibilities) like content negotiation, cookies, HTTP2, custom headers
- Routing is a big deal if you're making a web application or a server and I think that you should focus more on that. At least separate routing logic from your handlers. Seeing your handler check the method and/or process the URI was a bit painful since that is a clear job of the router.
- I did not see form submission/validation. I would even show how to submit a file.
- Modern web applications are usually written in JS so I think that you could have an entire chapter on that. At the very least, show how to route an Ajax request to a handler
- Sessions/cookies are very important to a web application
- Another would be to show how to talk to a DB over http or sockets, because a scaled web application will not have its own DB on the same box. You could also show how to do basic caching.
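One way the form and routing items above could be worked through with Go's net/http, as an added example that is not code from the book or from the Reddit replies: the method check lives in router-level middleware rather than the handler, the CSRF token is bound to the session cookie, form parameters are white-listed, and the dev server binds to loopback only. The session store and token values are constructed stand-ins.

```go
package main

import (
	"crypto/subtle"
	"net/http"
)

// Constructed session-store stand-in: session id -> CSRF token issued with the form (assumption).
var sessionTokens = map[string]string{"sess-abc": "tok-123"}
var allowedFormFields = map[string]bool{"title": true, "body": true} // white-listed form parameters

// allowMethod is router-level middleware, so the handler never inspects r.Method.
func allowMethod(method string, h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != method {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		h(w, r)
	}
}

// validCSRF compares the submitted token with the one bound to the session cookie.
func validCSRF(r *http.Request) bool {
	c, err := r.Cookie("session")
	if err != nil {
		return false
	}
	want, ok := sessionTokens[c.Value]
	got := r.PostFormValue("csrf_token") // parses the POST body if needed
	return ok && subtle.ConstantTimeCompare([]byte(want), []byte(got)) == 1
}

// submitHandler relies on the router for the method and keeps only white-listed fields.
func submitHandler(w http.ResponseWriter, r *http.Request) {
	if !validCSRF(r) {
		http.Error(w, "invalid CSRF token", http.StatusForbidden)
		return
	}
	for k := range r.PostForm {
		if !allowedFormFields[k] {
			r.PostForm.Del(k) // e.g. a smuggled is_admin=1 never reaches the model
		}
	}
	w.Write([]byte("saved " + r.PostForm.Encode()))
}
func newRouter() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/submit", allowMethod(http.MethodPost, submitHandler))
	return mux
}
func main() { http.ListenAndServe("127.0.0.1:8080", newRouter()) } // loopback only while developing
```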
Written with ❤️ in India with help from around the 🌏